<?php
function getUsers($whatUsers=null) {
	global $userLevelArray, $dbname, $db, $db_selected;
	
	if ($whatUsers == 'staff') {
		$levelSecurity = ' LevelSecurity > 0 ';
	} elseif ($whatUsers == 'resource') {
		$levelSecurity = ' LevelSecurity = 0 ';
	} else {
		$levelSecurity = ' LevelSecurity > 0 ';
	}
	
	$sql = "SELECT * FROM cdc_Users
			WHERE 
			$levelSecurity AND
			Active = 1 AND 
			Organization = '".$_SESSION['org']."'";
	$result = mysql_db_query($dbname,$sql);
	
	if (mysql_num_rows($result)>0) {
		$stringJSON = '({"Users":[';
		while ($value = mysql_fetch_assoc($result)) {
			if ($value[UserName] == '0') {
				$userid = '';
			} else {
				$userid = $value[UserName];
			}
			if ($value[Password] == '0') {
				$password = '';
			} else {
				$password = $value[Password];
			}
			if ($value[StaffEmail] == '0') {
				$email = '';
			} else {
				$email = $value[StaffEmail];
			}
			if ($value[StaffPhone] == 0) {
				$phone = '';
			} else {
				$phone = $value[StaffPhone];
			}
			$newArray = array(
							'StaffID'       => $value[StaffID],
							'Delete'        => '<a href="#" onClick="confirmDelete(\''.$value[StaffID].'\',\'user\'); return false;" title="Delete"><img src="images/buttonDeleteBig.gif" style="border: none;" alt="Delete" /></a>',
							'Userid'        => $userid,
							'Password'      => $password,
							'LevelSecurity' => $userLevelArray[$value[LevelSecurity]],
							'NameFirst'     => $value[StaffFName],
							'NameLast'      => $value[StaffLName],
							'Email'         => $email,
							'Phone'         => $phone,
							'PTIAffiliation'=> $value['PTIAffiliation']
							);
			$stringJSON .= Zend_Json::encode($newArray).',';
		}	
	} 
	$stringJSON = substr($stringJSON,0,-1);
	$stringJSON .= ']})';
	return $stringJSON;
}

function deleteUser($userID) {
	global $dbname, $db, $db_selected;

	/*
	 * We don't really want to delete a user, just deactivate them
	 */
	$sql = "UPDATE cdc_Users SET Active = 0 WHERE StaffID = '$userID'";
	$result = mysql_db_query($dbname,$sql);
	return $userID;
}

function editUser($phpJSON) {
	global $userLevelArray,$dbname, $db, $db_selected;
	
	// Decode JSON
	$phpJSON = stripslashes($phpJSON);
	$phpArray = Zend_Json::decode($phpJSON);
	
	$userID    = $phpArray['staffID'];
	$value     = fieldToDB($phpArray['newValue']);
	$dbField   = $phpArray['fieldName'];
	$gridRow   = $phpArray['rowNumber'];
	$origValue = $phpArray['origValue'];
	
	if ($dbField == 'LevelSecurity') {
		$flipUserLevelArray = array_flip($userLevelArray);
		$value = $flipUserLevelArray[$value];
	}
	
	if (!empty($userID)) {
		$sql = "UPDATE cdc_Users SET $dbField = '$value' WHERE StaffID = '$userID'";
		$result = mysql_db_query($dbname,$sql);		
	}
	return $sql;
}	

function saveUser($phpJSON) {
	global $dbname, $db, $db_selected;
	
	// Decode JSON
	$phpJSON = stripslashes($phpJSON);
	$phpArray = Zend_Json::decode($phpJSON);
	
	$nameFirst  = $phpArray['nameFirst'];
	$nameLast   = $phpArray['nameLast'];
	$email      = $phpArray['email'];
	$phone      = $phpArray['phone'];
	$userid     = $phpArray['userid'];
	$userLevel  = $phpArray['userLevel'];
	$password   = $phpArray['password'];
	$adminLevel = $phpArray['levelSecurity'];
	$pti        = $phpArray['pti'];
	$formType   = $phpArray['formType'];
	
	/*
	 * Check for existing user
	 */
	$sqlCheck = "SELECT * from cdc_Users 
					WHERE 
						UserName = '$userid' AND
						Password = '$password'";
	$resultCheck = mysql_db_query($dbname,$sqlCheck);
	if (mysql_num_rows($resultCheck)>0) {
		return 'duplicate user';
	} else {	
		$sql = "INSERT into cdc_Users (
				StaffFName,
				StaffLName,
				LevelSecurity,
				UserName,
				Password,
				StaffEmail,
				StaffPhone,
				Organization,
				PTIAffiliation,
				Active,
				DateUpdate,
				Userid
				) values (
				'$nameFirst',
				'$nameLast',
				'$userLevel',
				'$userid',
				'$password',
				'$email',
				'$phone',
				'".$_SESSION['org']."',
				'$pti',
				'1',
				'".date('Y-m-d')."',
				'".$_SESSION['userid']."'
				)";
		$result = mysql_db_query($dbname,$sql);
		$uID = mysql_insert_id();
	
		//sendNewUserEmail($uID);
		return 'success';
	}
}
?>